;Template Description for Analyst: ;AnalystName: Enter your complete name ;AnalystEMailID: EMail ID of analyst ;Team: Specify team you belong to China, India, Romania or Ukraine ;Date: Define date in dd-mmm-yyy format, when you write or update this description, i.e. 10-JAN-2010 ;Type: This should come from malware name, like for Virus.Win32.Virut, Type is Virus ;Platform: This is always fixed as Win32 as of now ;Family: As this description belongs to ;Variant: If you are writing for a specific variant in a family, mention so, like Virus.Win32.Virut.CE ;OVERVIEW: Give a brief overview of malware behavior ;TECHNICAL_DESCRIPTION: Give complete technical description ;SYMPTOMPS: In case system is infected with malware and there are any visible symptomps, which can be identified by end user, mention so, if any ;DISINFECTION: If there are manual steps which user can use to remove malware, like remove certain registry entries or files, should be mentioned here. ; ;http://www.viruslist.com/en/viruses/encyclopedia?virusid=21782790 link's "Removal instructions" can be good example. ;Here are few example links, where other vendors have published information in various ;http://www.symantec.com/security_response/writeup.jsp?docid=2009-020411-2802-99 ;http://www.f-secure.com/v-descs/virus_w32_virut.shtml ;http://vil.nai.com/vil/content/v_154029.htm ;http://www.avast.com/eng/win32beagle.html ;http://free.avg.com/ww-en/66558 ;http://www.viruslist.com/en/viruses/encyclopedia?virusid=21782790 ;This ini file should be filled for every major variant and be attached to related ticket in trac [INFO] AnalystName=Vaishnavi.V.K AnalystEMailID=vaishnavik@comodo.com Team=India Date=01-JUN-2010 Type=TrojWare Platform=Win32 Subtype= Family=Trad Variant= [OVERVIEW] This rootkit gets downloaded and installed with the help of other malwares. [TECHNICAL_DESCRIPTION] Sample is a sys file Dropped sys file which will be installed as a rootkit in affected systems File size ranges from 21kb-43kb File is packed by a unknown packer [SYMPTOMS] [DISINFECTION] Run CIS with latest update base and remove the detected threat.